<?php 

	require_once '../../config.php';

	if (empty($_GET['username'])) {
		exit('<h1>参数错误</h1>');	
	}

	// 防sql注入
	$username = explode(' ', $_GET['username'])[0];

	$conn = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
	if (!$conn) {
		exit();
	}

	$query = mysqli_query($conn, "select * from users where username='{$username}' limit 1;");

	$user = mysqli_fetch_assoc($query);
	if (!$user) {
		exit();
	}
	echo $user['avatar'];
